sqladmin CVE-2026-46645
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (https://github.com/smithyhq/sqladmin) · only source for this CVE.
CVSS VectorVendor: https://github.com/smithyhq/sqladmin
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Impact
The ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endpoints enforce.
If a developer restricts model access by overriding is_accessible(), an authenticated user can still query that model's data through the ajax_lookup endpoint - silently bypassing the restriction.
Affected endpoint:
GET /{identity}/ajax/lookup?name=<field>&term=<query>
All other endpoints enforce both checks:
| Endpoint | @login_required | is_accessible() |
|---|---|---|
list | ✓ | ✓ |
create | ✓ | ✓ |
edit | ✓ | ✓ |
delete | ✓ | ✓ |
details | ✓ | ✓ |
export | ✓ | ✓ |
ajax_lookup (before fix) | ✗ | ✗ |
ajax_lookup (after fix) | ✓ | ✓ |
Note: before this fix, ajax_lookup also lacked the @login_required decorator - unauthenticated users could query it directly. That was addressed in #1035. This report covers the remaining gap: authenticated but unauthorized users.
Patches
Two changes were made to ajax_lookup:
- Replaced the hand-rolled authentication check added in #1035 with the standard
@login_requireddecorator used by all other endpoints. - Added the missing
is_accessible(request)check, raisingHTTP 403when it returnsFalse.
Workarounds
None. Developers relying on is_accessible() to restrict model visibility are exposed regardless of what other access controls are in place.
AnalysisAI
Authorization bypass in sqladmin (pip package, versions <= 0.25.0) allows authenticated-but-unauthorized users to query restricted model data through the ajax_lookup endpoint, silently circumventing any is_accessible() access control overrides that developers have implemented. Every other admin endpoint (list, create, edit, delete, details, export) enforces both the login requirement and the is_accessible() model-level authorization hook - the ajax_lookup endpoint at GET /{identity}/ajax/lookup enforced neither prior to patching. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.
Technical ContextAI
sqladmin is a SQLAlchemy-based admin interface for Python web applications, distributed as the sqladmin pip package (CPE: pkg:pip/sqladmin). The ajax_lookup endpoint in application.py provides autocomplete/typeahead functionality for relational fields configured via form_ajax_refs model view settings. The root cause is CWE-862 (Missing Authorization): the endpoint was implemented without invoking is_accessible(request), the per-model authorization hook that the sqladmin framework exposes for developers to restrict model visibility. A prior fix in PR #1035 had added a hand-rolled authentication check to address unauthenticated access, but the model-level authorization gate was still absent. The result is a two-layer failure: the wrong authentication mechanism and a completely missing authorization check, both corrected in 0.25.1 by applying the standard @login_required decorator and adding the is_accessible(request) call that raises HTTP 403 on denial.
RemediationAI
Upgrade sqladmin to version 0.25.1 or later, which is the vendor-released patch confirmed by the GitHub advisory GHSA-54mc-gghv-4cfj (https://github.com/smithyhq/sqladmin/security/advisories/GHSA-54mc-gghv-4cfj). The fix replaces the hand-rolled authentication check with the standard @login_required decorator and adds the missing is_accessible(request) call, aligning ajax_lookup with every other endpoint in the framework. The advisory explicitly states no workaround exists. If immediate patching is not feasible, a targeted compensating control is to remove all form_ajax_refs configurations from affected ModelView classes, which eliminates the AJAX lookup functionality entirely - accept the trade-off that related-field autocomplete in forms will be disabled until the upgrade is applied.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-54mc-gghv-4cfj